Sunday, September 21, 2008

Re: [HACKERS] [patch] fix dblink security hole

"Marko Kreen" writes:
> On 9/21/08, Joe Conway wrote:
>> Why? pg_service does not appear to support wildcards, so what is the attack
>> vector?

> "service=foo host=custom"

The proposal to require a password = foo entry in the conn string seems
to resolve all of these, without taking away useful capability. I don't
think that forbidding use of services altogether is a good thing.

So that seems to tilt the decision towards exposing the conninfo_parse
function. Joe, do you want to have a go at it, or shall I?

regards, tom lane

